[tarantool-patches] [PATCH 4/4] sql: raise integer overflow error during msgpack decode
Nikita Pettik
korablev at tarantool.org
Wed Feb 20 14:57:40 MSK 2019
Since previous commit allows us to raise an error during msgpack decode
inside VDBE, lets do this if decoded integer is out of
[INT64_MIN, INT64_MAX] range and set "integer is overflowed" diagnostic
message.
Closes #3735
Workaround for #3810
---
src/box/sql/vdbe.c | 7 +++++--
src/box/sql/vdbeaux.c | 10 +++++-----
test/sql/integer-overflow.result | 18 ++++++++++++++++++
test/sql/integer-overflow.test.lua | 8 ++++++++
4 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/src/box/sql/vdbe.c b/src/box/sql/vdbe.c
index d38f61774..dd3797fc0 100644
--- a/src/box/sql/vdbe.c
+++ b/src/box/sql/vdbe.c
@@ -2738,8 +2738,11 @@ case OP_Column: {
sqlVdbeMemSetNull(pDest);
}
uint32_t unused;
- vdbe_decode_msgpack_into_mem((const char *)(zData + aOffset[p2]),
- pDest, &unused);
+ if (vdbe_decode_msgpack_into_mem((const char *)(zData + aOffset[p2]),
+ pDest, &unused) != 0) {
+ rc = SQL_TARANTOOL_ERROR;
+ goto abort_due_to_error;
+ }
/* MsgPack map, array or extension (unsupported in sql).
* Wrap it in a blob verbatim.
*/
diff --git a/src/box/sql/vdbeaux.c b/src/box/sql/vdbeaux.c
index ba9b96645..4df58f20c 100644
--- a/src/box/sql/vdbeaux.c
+++ b/src/box/sql/vdbeaux.c
@@ -3715,12 +3715,12 @@ vdbe_decode_msgpack_into_mem(const char *buf, struct Mem *mem, uint32_t *len)
case MP_UINT: {
uint64_t v = mp_decode_uint(&buf);
if (v > INT64_MAX) {
- mem->u.r = v;
- mem->flags = MEM_Real;
- } else {
- mem->u.i = v;
- mem->flags = MEM_Int;
+ diag_set(ClientError, ER_SQL_EXECUTE,
+ "integer is overflowed");
+ return -1;
}
+ mem->u.i = v;
+ mem->flags = MEM_Int;
break;
}
case MP_INT: {
diff --git a/test/sql/integer-overflow.result b/test/sql/integer-overflow.result
index 762ebbf29..4754c046c 100644
--- a/test/sql/integer-overflow.result
+++ b/test/sql/integer-overflow.result
@@ -56,3 +56,21 @@ box.sql.execute('SELECT CAST(9223372036854775807.0 AS INTEGER);')
---
- error: 'Type mismatch: can not convert 9.22337203685478e+18 to integer'
...
+-- gh-3810: make sure that if space contains integers in range
+-- [INT64_MAX, UINT64_MAX], they are handled inside SQL in a
+-- proper way, which now means that an error is raised.
+--
+box.sql.execute('CREATE TABLE t (id INT PRIMARY KEY);')
+---
+...
+box.space.T:insert({9223372036854775809})
+---
+- [9223372036854775808]
+...
+box.sql.execute('SELECT * FROM t;')
+---
+- error: 'Failed to execute SQL statement: integer is overflowed'
+...
+box.space.T:drop()
+---
+...
diff --git a/test/sql/integer-overflow.test.lua b/test/sql/integer-overflow.test.lua
index ec7eb433e..45fc209fd 100644
--- a/test/sql/integer-overflow.test.lua
+++ b/test/sql/integer-overflow.test.lua
@@ -24,3 +24,11 @@ box.sql.execute('SELECT CAST(\'9223372036854775808\' AS INTEGER);')
-- with error due to conversion = 8.
--
box.sql.execute('SELECT CAST(9223372036854775807.0 AS INTEGER);')
+-- gh-3810: make sure that if space contains integers in range
+-- [INT64_MAX, UINT64_MAX], they are handled inside SQL in a
+-- proper way, which now means that an error is raised.
+--
+box.sql.execute('CREATE TABLE t (id INT PRIMARY KEY);')
+box.space.T:insert({9223372036854775809})
+box.sql.execute('SELECT * FROM t;')
+box.space.T:drop()
--
2.15.1
More information about the Tarantool-patches
mailing list